Tag Archives: Meta-Data

The Surveillance State: Medusa and Endace – Two Names You Need To Remember

by in Communications, Computer Related, Counter-Surveillance, Current Events, Cyber Espionage, Cyber News, Cyber-Crime, Cyber-Security, Cyber-Skills, Cyber-Warfare, Government Gangsters, The Surveillance State and tagged , , , , , , , , , | 1 Comment

Cyber-Warfare: Policing The Dark Web and How it Can Effect National Sovereignty

by in Communications, Computer Related, Counter-Surveillance, Crime Awareness, Current Events, Cyber-Crime, Cyber-Security, Cyber-Skills, Cyber-Warfare, Fourth Gen Warfare, Future Warfare, Identity Theft, Information Warfare, Law Enforcement, Legal Matters, Limited Government, Technology, The Surveillance State and tagged , , , , , , , , , , , | 1 Comment

keybaords

Cops hack into foreign computers to find cyber criminals

As crime continues to proliferate on the so-called dark web, law enforcement agencies are sometimes having to work outside of their jurisdiction. When a suspected criminal acts on the dark web, authorities are unlikely to know where in the world he or she is physically located. So if they then attempt to take action, they might be inadvertently carrying out an operation that crosses borders.

One researcher argues in a working paper that this raises serious concerns around national sovereignty, and could even lead to retaliation from affected countries or prosecution of investigators.

“Basically, it’s like playing Russian Roulette with cross-border cyber operations,” Ahmed Ghappour, visiting assistant professor at UC Hastings College of Law and author of the paper “Searching Places Unknown: Law Enforcement Jurisdiction on the Dark Web,” told Motherboard in a phone call.

In response to dark web-related crime, law enforcement agencies have moved to more non-traditional means of identifying suspects, in some cases directly hacking criminals’ computers to circumvent the protections given by the Tor anonymity network.

But, because it’s largely impossible to know where a target computer is located before it’s been hacked, the FBI and other bodies are sometimes breaking into computers overseas, without explicit consent of the host country. “At bottom, no country has consented to us hacking them, or hacking their citizens, in the same way that we haven’t consented to another country to hack us,” Ghappour said.

Read the Remainder at Motherboard

 

 

 

Crusader Corner: Tracking Down Salah Abdeslam

by in Counter-Surveillance, Counter-Terrorism, Counter-Terrorism 101, Counterintelligence, Crime Awareness, Current Events, Cyber Espionage, Cyber-Skills, ISIS, ISIS Corner, Law Enforcement, Private Military Contractors, Security, Spycraft, Terrorism, Tradecraft and tagged , , , , , , | 2 Comments

Man Hunting, The Sport of Security Forces

Mickey

 

Bottom Line Up Front

  • Intelligence agencies must cooperate more rapidly and proactively to counter ISIS’ rapid and haphazard operational tempo.
  • Clandestine operatives must rely on support networks that include overt members of the public. These networks are easily mapped out based on metadata available to nation state level security forces.
  • Fugitives should learn to cook if they want to minimize their footprint and improve their security.
  • Exposure of clandestine networks is inevitable, given modern data sources. Only extremely disciplined non-organic organizations can hope to survive for long.

The capture of Salah Abdeslam is certainly good news, he will be a rich source of information about ISIS inside Europe. The man hunt was intense and his ability to remain hidden inside Belgium for months was quite an accomplishment, particularly given the poor ISIS security. Belgian police, with considerable assistance from international intelligence agencies, have been following leads and conducting raids.

“Changed my mind, haven’t seen Paul Blart Mall Cop 2 yet”

Salah went missing after he wimped out of “martyrdom,” ditching his suicide vest and calling friends to come pick him up and take him home. The car was stopped by the French and everyone IDed, but their names weren’t available to the police yet.

Clearly, security forces are not sharing counterterrorism information fast enough to handle modern operations. A slow moving target like the Soviets, or even al Qaeda, allows for a more relaxed approach. ISIS’ operational tempo and behavior is too fast and haphazard.

Defunct Safe Houses

The Molenbeek area where Salah has been hiding is riddled with radical support networks and sympathizers. He was able to rely on his friends and other support networks. Police targeted elements of these support networks, and eventually discovered a link to Salah himself.

Belgian and French police, who had worked intensively together since November 13, carried out a midday check on what, according to several officials, they thought was a defunct terrorist safe house. The utility bills hadn’t been paid in months, officials said, leading police to assume the apartment in the Forest district of southern Brussels stood empty. The six-person team didn’t expect to meet resistance and brought no police backup or special forces support.

When the police opened the door, they were shot at with a Kalashnikov and “a riot gun,” according to the Belgian authorities. Four officers were wounded, including a French policewoman. Heavily-armed police pursued suspects across the rooftops. One gunman was killed. Two fled the scene, evading capture even though police had sealed off the area.

The “defunct” safe house had a glass with Salah’s fingerprint. Police developed a number of leads and ended up monitoring a house in the Molenbeek area.

Speculation: those leads were based on analysis of mobile devices, and knowledge of existing social networks. Using the identities of the suspects from the safe house as an entry point into the support network, based on social ties, further likely suspects could be identified.

Update: the lead was based on metadata — a phone call.

Staking out the house, the police became convinced that a larger group of people was there after a woman who seemed to live there ordered several pizzas, according to two security officials

Just like the raid on el Chapo Guzman was triggered by a large food order, it seems Salah’s capture was based on too many pizzas. Maybe fugitives might want to consider cooking at home, rather than ordering delivery.

Social Networks, Not Just For Entrepreneurs

FB1

How Salah fits into ISIS terror nexus in France/Belgium. Already had 1-2 names missing before today…

It seems that significant parts of the manhunt were enabled by recovering and analyzing mobile phones used by the various suspects.

Aside from the fingerprint found on Tuesday, earlier raids on suspected terrorist hideouts brought other important leads, according to officials. Electronic devices confiscated in earlier raids helped authorities track Abdeslam down, said a Belgian source. Once a suspect’s mobile number and sim card have been identified, investigators can then serve a court order on telecoms operators to track the number and card down to the nearest phone tower.

The location information generated by the mobile devices (phones and possibly tablets) enabled security forces to track not only individuals, but to map out their networks via e.g. co-location. Mobile phones, even when encrypted and even when using encrypted communications tools, still provide a rich source of intelligence information to security forces.

Big Data Analysis Beats Covert Networks

Modern connected society is a huge data source for the intelligence analyst. Social connections are mapped out via online social networks such as Facebook, but also in meat space via the mobility of personal tracking devices such as mobile phones. An underground operative, such as Salah, can avoid using mobiles and computers, but the various elements of his above ground support network are as reliant on modern tools as anyone else.

“The guerrilla must move amongst the people as a fish swims in the sea.” — Mao Zedong

The problem for underground operatives is that they are reliant on support networks. Support networks for clandestine organizations are almost always based on social networks. Modern society makes support networks an open book for anyone with access to the data (social apps, telco records, etc) and the analytic tools to parse that data (eg Palintir, analysts notebook, etc). Tracing threads has become trivial (even with encrypted comms), the hard part is merely finding an entry point.

Read the Original Article at Medium

Intel Tradecraft: Geo-Tagging and Identifying a Picture by it’s Background (Similar Image Search)

by in Computer Related, Cyber-Crime, Cyber-Warfare, Espionage Files, Information Warfare, Intelligence Tradecraft, Reference Materials, Security, Technology, Tradecraft and tagged , , , , , , , , , | 2 Comments

camera

 

In the most recent episode of HomelandCarrie while trying to figure out what direction to go in searching a stolen laptop for intel, is distracted by the computer’s screen saver which is a picture that shows the suspect in a beachfront bar in what appears to be a tropical location. Thinking back, Carrie remembers one of her associates (Allison) mention the name of a beachfront bar (Banana Joe’s) in the West Indies (St. Lucia Island). Carrie then has her computer tech do a google search for “Banana Joe’s Bar”. She then pulls up the image of the bar and compares it with the screen saver picture; sure enough the backgrounds match, right down to the yellow fence and bamboo awning of the bar.

In the 21st century, pictures just don’t say a 1,000 words anymore, they can tell (down to the square inch) the EXACT location of that picture to the person who knows where to look.

The first way this can be accomplished is through Geo-Tagging. 

Geotagging is the process of adding geographical information to various media in the form of metadata. The data usually consists of GPS coordinates like latitude and longitude, but may even include bearing, altitude, distance and place names. Geotagging is most commonly used for photographs and can help people get a lot of specific information about where the picture was taken or the exact location of a friend who logged on to a service.

For those of you that keep up with the news, you will remember this recent story about some Russian Soldiers in Syria that were geo located by some Russian Investigative bloggers seeking to identify current troop locations in Syria. This story started a lengthy online conversation about how a large amount of modern military intelligence is now obtained through Open Sourced information such as geo-tagging.

Geo-Tagging is made possible through EXIF meta-data. It is important to review how to both modify this data to both avoid YOUR photo’s being discovered and discover another person’s photo location if need be.

The Second way is what we discussed in the opening paragraph; identifying similar backgrounds or Similar Background Search. There are several ways to accomplish this, the easiest way is through Google Image Search and Reverse Image Searchwhich are fairly self-explanatory to use, simply click-n-drag the photo into the search box.

TIP: As a general rule (something that was also briefly discussed in Homeland) when you take a selfie or any other picture and you want to minimize the chance that somebody will be able to identify your location, minimize the AMOUNT of background in your picture, regardless of what it is. Remember, in the age of the internet, sometimes the smallest thing can be recognized and identified.

Stay Alert, Stay Armed and Stay Dangerous!